ibm-cloud-sdk-core 5.3.2 → 5.4.1

package/es/auth/authenticators/mcsp-authenticator.js

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2023.
+ * (C) Copyright IBM Corp. 2023, 2025.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,8 +29,6 @@ export class McspAuthenticator extends TokenRequestBasedAuthenticator {
      * @param options - Configuration options for CloudPakForData authentication.
      * This should be an object containing these fields:
      * - url: (required) the endpoint URL for the CloudPakForData token service
-     * - username: (required) the username used to obtain a bearer token
-     * - password: (optional) the password used to obtain a bearer token (required if apikey is not specified)
      * - apikey: (optional) the API key used to obtain a bearer token (required if password is not specified)
      * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
      * should be disabled or not
@@ -49,7 +47,7 @@ export class McspAuthenticator extends TokenRequestBasedAuthenticator {
         this.tokenManager = new McspTokenManager(options);
     }
     /**
-     * Returns the authenticator's type ('cp4d').
+     * Returns the authenticator's type ('mcsp').
      *
      * @returns a string that indicates the authenticator's type
      */

package/es/auth/authenticators/mcspv2-authenticator.d.ts

@@ -0,0 +1,95 @@
+/**
+ * (C) Copyright IBM Corp. 2025.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { BaseOptions, TokenRequestBasedAuthenticator } from './token-request-based-authenticator';
+import { McspV2TokenManager } from '../token-managers/mcspv2-token-manager';
+/** Configuration options for Multi-Cloud Saas Platform (MCSP) v2 authentication. */
+export interface Options extends BaseOptions {
+    /**
+     * (required) The API key used to obtain an MCSP access token.
+     */
+    apikey: string;
+    /**
+     * (required) The URL representing the MCSP token service endpoint.
+     */
+    url: string;
+    /**
+     * (required) The scope collection type of item(s).
+     * Valid values are: "accounts", "subscriptions", "services".
+     */
+    scopeCollectionType: string;
+    /**
+     * (required) The scope identifier of item(s).
+     */
+    scopeId: string;
+    /**
+     * (optional) A flag to include builtin actions in the "actions" claim in the MCSP access token (default: false).
+     */
+    includeBuiltinActions?: boolean;
+    /**
+     * (optional) A flag to include custom actions in the "actions" claim in the MCSP access token (default: false).
+     */
+    includeCustomActions?: boolean;
+    /**
+     * (optional) A flag to include the "roles" claim in the MCSP access token (default: true).
+     */
+    includeRoles?: boolean;
+    /**
+     * (optional) A flag to add a prefix with the scope level where the role is defined in the "roles" claim (default: false).
+     */
+    prefixRoles?: boolean;
+    /**
+     * (optional) A map (object) containing keys and values to be injected into the access token as the "callerExt" claim.
+     * The keys used in this map must be enabled in the apikey by setting the "callerExtClaimNames" property when the apikey is created.
+     * This property is typically only used in scenarios involving an apikey with identityType `SERVICEID`.
+     */
+    callerExtClaim?: object;
+}
+/**
+ * The McspV2Authenticator invokes the MCSP v2 token-exchange operation (POST /api/2.0/\{scopeCollectionType\}/\{scopeId\}/apikeys/token)
+ * to obtain an access token for an apikey, and adds the access token to requests via an Authorization header
+ * of the form:  "Authorization: Bearer <access-token>"
+ */
+export declare class McspV2Authenticator extends TokenRequestBasedAuthenticator {
+    protected tokenManager: McspV2TokenManager;
+    /**
+     * Create a new McspV2Authenticator instance.
+     *
+     * @param options - Configuration options for MCSP v2 authentication.
+     * This should be an object containing these fields:
+     * - url: (required) the endpoint URL for the CloudPakForData token service.
+     * - apikey: (optional) the API key used to obtain a bearer token (required if password is not specified).
+     * - scopeCollectionType: (required) The scope collection type of item(s). Valid values are: "accounts", "subscriptions", "services".
+     * - scopeId: (required) the scope identifier of item(s).
+     * - includeBuiltinActions: (optional) a flag to include builtin actions in the "actions" claim in the MCSP access token (default: false).
+     * - includeCustomActions: (optional) a flag to include custom actions in the "actions" claim in the MCSP access token (default: false).
+     * - includeRoles: (optional) a flag to include the "roles" claim in the MCSP access token (default: true).
+     * - prefixRoles: (optional) a flag to add a prefix with the scope level where the role is defined in the "roles" claim (default: false).
+     * - callerExtClaim: (optional) a map (object) containing keys and values to be injected into the access token as the "callerExt" claim.
+     *     The keys used in this map must be enabled in the apikey by setting the "callerExtClaimNames" property when the apikey is created.
+     *     This property is typically only used in scenarios involving an apikey with identityType `SERVICEID`.
+     * - disableSslVerification: (optional) a flag to disable verification of the token server's SSL certificate; defaults to false.
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service.
+     *
+     * @throws Error: the input configuration failed validation
+     */
+    constructor(options: Options);
+    /**
+     * Returns the authenticator's type ('mcspv2').
+     *
+     * @returns a string that indicates the authenticator's type
+     */
+    authenticationType(): string;
+}

package/es/auth/authenticators/mcspv2-authenticator.js

@@ -0,0 +1,63 @@
+/**
+ * (C) Copyright IBM Corp. 2025.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { Authenticator } from './authenticator';
+import { TokenRequestBasedAuthenticator } from './token-request-based-authenticator';
+import { McspV2TokenManager } from '../token-managers/mcspv2-token-manager';
+/**
+ * The McspV2Authenticator invokes the MCSP v2 token-exchange operation (POST /api/2.0/\{scopeCollectionType\}/\{scopeId\}/apikeys/token)
+ * to obtain an access token for an apikey, and adds the access token to requests via an Authorization header
+ * of the form:  "Authorization: Bearer <access-token>"
+ */
+export class McspV2Authenticator extends TokenRequestBasedAuthenticator {
+    /**
+     * Create a new McspV2Authenticator instance.
+     *
+     * @param options - Configuration options for MCSP v2 authentication.
+     * This should be an object containing these fields:
+     * - url: (required) the endpoint URL for the CloudPakForData token service.
+     * - apikey: (optional) the API key used to obtain a bearer token (required if password is not specified).
+     * - scopeCollectionType: (required) The scope collection type of item(s). Valid values are: "accounts", "subscriptions", "services".
+     * - scopeId: (required) the scope identifier of item(s).
+     * - includeBuiltinActions: (optional) a flag to include builtin actions in the "actions" claim in the MCSP access token (default: false).
+     * - includeCustomActions: (optional) a flag to include custom actions in the "actions" claim in the MCSP access token (default: false).
+     * - includeRoles: (optional) a flag to include the "roles" claim in the MCSP access token (default: true).
+     * - prefixRoles: (optional) a flag to add a prefix with the scope level where the role is defined in the "roles" claim (default: false).
+     * - callerExtClaim: (optional) a map (object) containing keys and values to be injected into the access token as the "callerExt" claim.
+     *     The keys used in this map must be enabled in the apikey by setting the "callerExtClaimNames" property when the apikey is created.
+     *     This property is typically only used in scenarios involving an apikey with identityType `SERVICEID`.
+     * - disableSslVerification: (optional) a flag to disable verification of the token server's SSL certificate; defaults to false.
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service.
+     *
+     * @throws Error: the input configuration failed validation
+     */
+    constructor(options) {
+        super(options);
+        // All we really need to do is construct the token manager, passing in
+        // our Options object since it contains the same fields as the
+        // token manager's Options interface.
+        // Note that the token manager handles input validation.
+        this.tokenManager = new McspV2TokenManager(options);
+    }
+    /**
+     * Returns the authenticator's type ('mcspv2').
+     *
+     * @returns a string that indicates the authenticator's type
+     */
+    // eslint-disable-next-line class-methods-use-this
+    authenticationType() {
+        return Authenticator.AUTHTYPE_MCSPV2;
+    }
+}

package/es/auth/token-managers/index.d.ts

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2023.
+ * (C) Copyright IBM Corp. 2019, 2025.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,7 +21,8 @@
  * Cloud Pak for Data
  * Container (IKS, etc)
  * VPC Instance
- * Multi-Cloud Saas Platform (MCSP)
+ * Multi-Cloud Saas Platform (MCSP) V1
+ * Multi-Cloud Saas Platform (MCSP) V2
  *
  * The token managers sit inside of an authenticator and do the work to retrieve
  * tokens, whereas the authenticators add these tokens to the actual request.
@@ -32,7 +33,8 @@
  *   Cp4dTokenManager: Token Manager of CloudPak for data.
  *   ContainerTokenManager: Token manager of IAM via compute resource token.
  *   VpcInstanceTokenManager: Token manager of VPC Instance Metadata Service API tokens.
- *   McspTokenManager: Token Manager of MCSP via apikey.
+ *   McspTokenManager: Token Manager of MCSP v1 via apikey.
+ *   McspV2TokenManager: Token Manager of MCSP v2 via apikey.
  *   JwtTokenManager: A class for shared functionality for parsing, storing, and requesting JWT tokens.
  */
 export { IamTokenManager } from './iam-token-manager';
@@ -43,4 +45,5 @@ export { JwtTokenManager, JwtTokenManagerOptions } from './jwt-token-manager';
 export { TokenManager, TokenManagerOptions } from './token-manager';
 export { VpcInstanceTokenManager } from './vpc-instance-token-manager';
 export { McspTokenManager } from './mcsp-token-manager';
+export { McspV2TokenManager } from './mcspv2-token-manager';
 export { IamAssumeTokenManager } from './iam-assume-token-manager';

package/es/auth/token-managers/index.js

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2023.
+ * (C) Copyright IBM Corp. 2019, 2025.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,7 +21,8 @@
  * Cloud Pak for Data
  * Container (IKS, etc)
  * VPC Instance
- * Multi-Cloud Saas Platform (MCSP)
+ * Multi-Cloud Saas Platform (MCSP) V1
+ * Multi-Cloud Saas Platform (MCSP) V2
  *
  * The token managers sit inside of an authenticator and do the work to retrieve
  * tokens, whereas the authenticators add these tokens to the actual request.
@@ -32,7 +33,8 @@
  *   Cp4dTokenManager: Token Manager of CloudPak for data.
  *   ContainerTokenManager: Token manager of IAM via compute resource token.
  *   VpcInstanceTokenManager: Token manager of VPC Instance Metadata Service API tokens.
- *   McspTokenManager: Token Manager of MCSP via apikey.
+ *   McspTokenManager: Token Manager of MCSP v1 via apikey.
+ *   McspV2TokenManager: Token Manager of MCSP v2 via apikey.
  *   JwtTokenManager: A class for shared functionality for parsing, storing, and requesting JWT tokens.
  */
 export { IamTokenManager } from './iam-token-manager';
@@ -43,4 +45,5 @@ export { JwtTokenManager } from './jwt-token-manager';
 export { TokenManager } from './token-manager';
 export { VpcInstanceTokenManager } from './vpc-instance-token-manager';
 export { McspTokenManager } from './mcsp-token-manager';
+export { McspV2TokenManager } from './mcspv2-token-manager';
 export { IamAssumeTokenManager } from './iam-assume-token-manager';

package/es/auth/token-managers/jwt-token-manager.js

@@ -1,6 +1,6 @@
 /* eslint-disable class-methods-use-this */
 /**
- * (C) Copyright IBM Corp. 2019, 2024.
+ * (C) Copyright IBM Corp. 2019, 2025.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -71,8 +71,9 @@ export class JwtTokenManager extends TokenManager {
             logger.error(err);
             throw new Error(err);
         }
-        // the time of expiration is found by decoding the JWT access token
-        // 'exp' is the time of expire and 'iat' is the time of token retrieval
+        // The expiration time is found by decoding the JWT access token.
+        // 'exp' is the "expiration time" claim.
+        // 'iat' is the 'issued at' claim.
         const { exp, iat } = decodedResponse;
         // There are no required claims in JWT
         if (!exp || !iat) {
@@ -83,6 +84,8 @@ export class JwtTokenManager extends TokenManager {
             const fractionOfTtl = 0.8;
             const timeToLive = exp - iat;
             this.expireTime = exp;
+            // The refresh time represents the time when the token has effectively
+            // existed for 80% of its time to live.
             this.refreshTime = exp - timeToLive * (1.0 - fractionOfTtl);
         }
         this.tokenInfo = Object.assign({}, responseBody);

package/es/auth/token-managers/mcspv2-token-manager.d.ts

@@ -0,0 +1,112 @@
+/**
+ * (C) Copyright IBM Corp. 2025.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { JwtTokenManager, JwtTokenManagerOptions } from './jwt-token-manager';
+/**
+ * Configuration options for MCSP v2 token retrieval.
+ */
+interface Options extends JwtTokenManagerOptions {
+    /**
+     * (required) The API key used to obtain an MCSP access token.
+     */
+    apikey: string;
+    /**
+     * (required) The URL representing the MCSP token service endpoint.
+     */
+    url: string;
+    /**
+     * (required) The scope collection type of item(s).
+     * Valid values are: "accounts", "subscriptions", "services".
+     */
+    scopeCollectionType: string;
+    /**
+     * (required) The scope identifier of item(s).
+     */
+    scopeId: string;
+    /**
+     * (optional) A flag to include builtin actions in the "actions" claim in the MCSP access token (default: false).
+     */
+    includeBuiltinActions?: boolean;
+    /**
+     * (optional) A flag to include custom actions in the "actions" claim in the MCSP access token (default: false).
+     */
+    includeCustomActions?: boolean;
+    /**
+     * (optional) A flag to include the "roles" claim in the MCSP access token (default: true).
+     */
+    includeRoles?: boolean;
+    /**
+     * (optional) A flag to add a prefix with the scope level where the role is defined in the "roles" claim (default: false).
+     */
+    prefixRoles?: boolean;
+    /**
+     * (optional) A map (object) containing keys and values to be injected into the access token as the "callerExt" claim.
+     * The keys used in this map must be enabled in the apikey by setting the "callerExtClaimNames" property when the apikey is created.
+     * This property is typically only used in scenarios involving an apikey with identityType `SERVICEID`.
+     */
+    callerExtClaim?: object;
+}
+/**
+ * Token Manager for Multi-Cloud Saas Platform (MCSP) V2 authentication.
+ *
+ * The McspV2TokenManager will invoke the MCSP token service's 'POST /api/2.0/\{scopeCollectionType\}/\{scopeId\}/apikeys/token'
+ * operation to obtain an MCSP access token for an apikey.
+ */
+export declare class McspV2TokenManager extends JwtTokenManager {
+    protected requiredOptions: string[];
+    private apikey;
+    private scopeCollectionType;
+    private scopeId;
+    private includeBuiltinActions;
+    private includeCustomActions;
+    private includeRoles;
+    private prefixRoles;
+    private callerExtClaim;
+    /**
+     * Create a new McspV2TokenManager instance.
+     *
+     * @param options - Configuration options.
+     * This should be an object containing these fields:
+     * - url: (required) the endpoint URL for the CloudPakForData token service.
+     * - apikey: (optional) the API key used to obtain a bearer token (required if password is not specified).
+     * - scopeCollectionType: (required) The scope collection type of item(s). Valid values are: "accounts", "subscriptions", "services".
+     * - scopeId: (required) the scope identifier of item(s).
+     * - includeBuiltinActions: (optional) a flag to include builtin actions in the "actions" claim in the MCSP access token (default: false).
+     * - includeCustomActions: (optional) a flag to include custom actions in the "actions" claim in the MCSP access token (default: false).
+     * - includeRoles: (optional) a flag to include the "roles" claim in the MCSP access token (default: true).
+     * - prefixRoles: (optional) a flag to add a prefix with the scope level where the role is defined in the "roles" claim (default: false).
+     * - callerExtClaim: (optional) a map (object) containing keys and values to be injected into the access token as the "callerExt" claim.
+     *     The keys used in this map must be enabled in the apikey by setting the "callerExtClaimNames" property when the apikey is created.
+     *     This property is typically only used in scenarios involving an apikey with identityType `SERVICEID`.
+     * - disableSslVerification: (optional) a flag to disable verification of the token server's SSL certificate; defaults to false.
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service.
+     *
+     * @throws Error: the input configuration failed validation
+     */
+    constructor(options: Options);
+    private PATH_TEMPLATE;
+    protected requestToken(): Promise<any>;
+    /**
+     * Parses the Options configuration property named by 'fieldName' as a boolean value.
+     * The value in the Options object could be either boolean or string and this function
+     * will do its best to parse it correctly.
+     * @param options - the Options object containing the configuration
+     * @param fieldName - the name of the field to parse as a boolean
+     * @param defaultValue - the default value to use in case the specified field is not present in Options
+     * @returns boolean the boolean value to be used for the configuration property
+     */
+    private static parseBoolean;
+}
+export {};

package/es/auth/token-managers/mcspv2-token-manager.js

@@ -0,0 +1,151 @@
+/**
+ * (C) Copyright IBM Corp. 2025.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import extend from 'extend';
+import { validateInput } from '../utils/helpers';
+import { buildUserAgent } from '../../lib/build-user-agent';
+import { JwtTokenManager } from './jwt-token-manager';
+import logger from '../../lib/logger';
+/**
+ * Token Manager for Multi-Cloud Saas Platform (MCSP) V2 authentication.
+ *
+ * The McspV2TokenManager will invoke the MCSP token service's 'POST /api/2.0/\{scopeCollectionType\}/\{scopeId\}/apikeys/token'
+ * operation to obtain an MCSP access token for an apikey.
+ */
+export class McspV2TokenManager extends JwtTokenManager {
+    /**
+     * Create a new McspV2TokenManager instance.
+     *
+     * @param options - Configuration options.
+     * This should be an object containing these fields:
+     * - url: (required) the endpoint URL for the CloudPakForData token service.
+     * - apikey: (optional) the API key used to obtain a bearer token (required if password is not specified).
+     * - scopeCollectionType: (required) The scope collection type of item(s). Valid values are: "accounts", "subscriptions", "services".
+     * - scopeId: (required) the scope identifier of item(s).
+     * - includeBuiltinActions: (optional) a flag to include builtin actions in the "actions" claim in the MCSP access token (default: false).
+     * - includeCustomActions: (optional) a flag to include custom actions in the "actions" claim in the MCSP access token (default: false).
+     * - includeRoles: (optional) a flag to include the "roles" claim in the MCSP access token (default: true).
+     * - prefixRoles: (optional) a flag to add a prefix with the scope level where the role is defined in the "roles" claim (default: false).
+     * - callerExtClaim: (optional) a map (object) containing keys and values to be injected into the access token as the "callerExt" claim.
+     *     The keys used in this map must be enabled in the apikey by setting the "callerExtClaimNames" property when the apikey is created.
+     *     This property is typically only used in scenarios involving an apikey with identityType `SERVICEID`.
+     * - disableSslVerification: (optional) a flag to disable verification of the token server's SSL certificate; defaults to false.
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service.
+     *
+     * @throws Error: the input configuration failed validation
+     */
+    constructor(options) {
+        super(options);
+        this.requiredOptions = ['apikey', 'url', 'scopeCollectionType', 'scopeId'];
+        // This is the path associated with the operation used to obtain
+        // an access token from the MCSP token service (v2).
+        // The path parameter references must match the keys used in pathParams below.
+        this.PATH_TEMPLATE = '/api/2.0/{scopeCollectionType}/{scopeId}/apikeys/token';
+        // The name of the field (within the token-exchange operation's responseBody)
+        // that contains the access token.
+        this.tokenName = 'token';
+        // Validate the required properties.
+        validateInput(options, this.requiredOptions);
+        this.url = options.url;
+        this.apikey = options.apikey;
+        this.scopeCollectionType = options.scopeCollectionType;
+        this.scopeId = options.scopeId;
+        // Now parse/validate the optional properties.
+        this.includeBuiltinActions = McspV2TokenManager.parseBoolean(options, 'includeBuiltinActions', false);
+        this.includeCustomActions = McspV2TokenManager.parseBoolean(options, 'includeCustomActions', false);
+        this.includeRoles = McspV2TokenManager.parseBoolean(options, 'includeRoles', true);
+        this.prefixRoles = McspV2TokenManager.parseBoolean(options, 'prefixRoles', false);
+        if ('callerExtClaim' in options) {
+            const value = options.callerExtClaim;
+            if (typeof value === 'string') {
+                try {
+                    this.callerExtClaim = JSON.parse(value);
+                }
+                catch (err) {
+                    throw new Error(`An error occurred while parsing the callerExtClaim value '${value}': ${err.message}`);
+                }
+            }
+            else if (typeof value === 'object') {
+                this.callerExtClaim = value;
+            }
+            else {
+                throw new Error(`callerExtClaim must be a string or object, but was '${typeof value}'`);
+            }
+        }
+        this.userAgent = buildUserAgent('mcspv2-authenticator');
+    }
+    requestToken() {
+        const requiredHeaders = {
+            Accept: 'application/json',
+            'Content-Type': 'application/json',
+            'User-Agent': this.userAgent,
+        };
+        const requestHeaders = extend(true, {}, this.headers, requiredHeaders);
+        // The keys used here must match the path parameter references in PATH_TEMPLATE above.
+        const pathParams = {
+            scopeCollectionType: this.scopeCollectionType,
+            scopeId: this.scopeId,
+        };
+        // The keys used here must match the operation's query parameter names.
+        const queryParams = {
+            includeBuiltinActions: this.includeBuiltinActions,
+            includeCustomActions: this.includeCustomActions,
+            includeRoles: this.includeRoles,
+            prefixRolesWithDefinitionScope: this.prefixRoles,
+        };
+        const requestBody = {
+            apikey: this.apikey,
+            callerExtClaim: this.callerExtClaim || undefined,
+        };
+        const request = {
+            options: {
+                method: 'POST',
+                url: this.url + this.PATH_TEMPLATE,
+                body: requestBody,
+                path: pathParams,
+                qs: queryParams,
+                headers: requestHeaders,
+                rejectUnauthorized: !this.disableSslVerification,
+            },
+        };
+        logger.debug(`Invoking MCSP v2 token service operation: ${request.options.url}`);
+        return this.requestWrapperInstance.sendRequest(request).then((response) => {
+            logger.debug('Returned from MCSP v2 token service operation');
+            return response;
+        });
+    }
+    /**
+     * Parses the Options configuration property named by 'fieldName' as a boolean value.
+     * The value in the Options object could be either boolean or string and this function
+     * will do its best to parse it correctly.
+     * @param options - the Options object containing the configuration
+     * @param fieldName - the name of the field to parse as a boolean
+     * @param defaultValue - the default value to use in case the specified field is not present in Options
+     * @returns boolean the boolean value to be used for the configuration property
+     */
+    static parseBoolean(options, fieldName, defaultValue) {
+        let result = defaultValue;
+        if (fieldName in options) {
+            const value = options[fieldName];
+            if (typeof value === 'boolean') {
+                result = value;
+            }
+            else if (typeof value === 'string') {
+                result = value.toLowerCase() === 'true';
+            }
+        }
+        return result;
+    }
+}

package/es/auth/token-managers/token-manager.d.ts

@@ -1,6 +1,6 @@
 /// <reference types="node" />
 /**
- * (C) Copyright IBM Corp. 2020, 2024.
+ * (C) Copyright IBM Corp. 2020, 2025.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

package/es/auth/token-managers/token-manager.js

@@ -131,7 +131,7 @@ export class TokenManager {
      * @returns Promise
      */
     requestToken() {
-        const errMsg = '`requestToken` MUST be overridden by a subclass of TokenManagerV1.';
+        const errMsg = '`requestToken` MUST be overridden by a subclass of TokenManager.';
         const err = new Error(errMsg);
         logger.error(errMsg);
         return Promise.reject(err);

package/es/auth/utils/get-authenticator-from-environment.d.ts

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2022.
+ * (C) Copyright IBM Corp. 2019, 2025.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

package/es/auth/utils/get-authenticator-from-environment.js

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2022.
+ * (C) Copyright IBM Corp. 2019, 2025.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-import { Authenticator, BasicAuthenticator, BearerTokenAuthenticator, CloudPakForDataAuthenticator, IamAuthenticator, IamAssumeAuthenticator, ContainerAuthenticator, NoAuthAuthenticator, VpcInstanceAuthenticator, McspAuthenticator, } from '../authenticators';
+import { Authenticator, BasicAuthenticator, BearerTokenAuthenticator, CloudPakForDataAuthenticator, IamAuthenticator, IamAssumeAuthenticator, ContainerAuthenticator, NoAuthAuthenticator, VpcInstanceAuthenticator, McspAuthenticator, McspV2Authenticator, } from '../authenticators';
 import { readExternalSources } from './read-external-sources';
 /**
  * Look for external configuration of authenticator.
@@ -90,6 +90,9 @@ export function getAuthenticatorFromEnvironment(serviceName) {
     else if (authType === Authenticator.AUTHTYPE_MCSP.toLowerCase()) {
         authenticator = new McspAuthenticator(credentials);
     }
+    else if (authType === Authenticator.AUTHTYPE_MCSPV2.toLowerCase()) {
+        authenticator = new McspV2Authenticator(credentials);
+    }
     else {
         throw new Error(`Invalid value for AUTH_TYPE: ${authType}`);
     }

package/es/lib/request-wrapper.d.ts

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2014, 2024.
+ * (C) Copyright IBM Corp. 2014, 2025.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

package/es/lib/request-wrapper.js

@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 /**
- * (C) Copyright IBM Corp. 2014, 2024.
+ * (C) Copyright IBM Corp. 2014, 2025.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -111,10 +111,15 @@ export class RequestWrapper {
      * @returns the string representation of the request
      */
     formatAxiosRequest(request) {
-        const { method, url, data, headers } = request;
+        const { method, url, data, headers, params } = request;
+        let queryString = stringify(params);
+        if (queryString) {
+            queryString = `?${queryString}`;
+        }
         const headersOutput = this.formatAxiosHeaders(headers);
         const body = this.formatAxiosBody(data);
-        const output = `${(method || '??').toUpperCase()} ${url || '??'}\n${headersOutput}\n${body}`;
+        const urlStr = url ? url + queryString : '??';
+        const output = `${(method || '??').toUpperCase()} ${urlStr}\n${headersOutput}\n${body}`;
         return redactSecrets(output);
     }
     /**